0N/A/*
2362N/A * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation. Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/Apackage sun.security.rsa;
0N/A
0N/Aimport java.io.IOException;
0N/Aimport java.math.BigInteger;
0N/A
0N/Aimport java.security.*;
0N/Aimport java.security.interfaces.*;
0N/A
0N/Aimport sun.security.util.*;
0N/Aimport sun.security.x509.AlgorithmId;
0N/Aimport sun.security.pkcs.PKCS8Key;
0N/A
0N/A/**
0N/A * Key implementation for RSA private keys, CRT form. For non-CRT private
0N/A * keys, see RSAPrivateKeyImpl. We need separate classes to ensure
0N/A * correct behavior in instanceof checks, etc.
0N/A *
0N/A * Note: RSA keys must be at least 512 bits long
0N/A *
0N/A * @see RSAPrivateKeyImpl
0N/A * @see RSAKeyFactory
0N/A *
0N/A * @since 1.5
0N/A * @author Andreas Sterbenz
0N/A */
0N/Apublic final class RSAPrivateCrtKeyImpl
0N/A extends PKCS8Key implements RSAPrivateCrtKey {
0N/A
0N/A private static final long serialVersionUID = -1326088454257084918L;
0N/A
0N/A private BigInteger n; // modulus
0N/A private BigInteger e; // public exponent
0N/A private BigInteger d; // private exponent
0N/A private BigInteger p; // prime p
0N/A private BigInteger q; // prime q
0N/A private BigInteger pe; // prime exponent p
0N/A private BigInteger qe; // prime exponent q
0N/A private BigInteger coeff; // CRT coeffcient
0N/A
0N/A // algorithmId used to identify RSA keys
0N/A final static AlgorithmId rsaId =
0N/A new AlgorithmId(AlgorithmId.RSAEncryption_oid);
0N/A
0N/A /**
0N/A * Generate a new key from its encoding. Returns a CRT key if possible
0N/A * and a non-CRT key otherwise. Used by RSAKeyFactory.
0N/A */
0N/A public static RSAPrivateKey newKey(byte[] encoded)
0N/A throws InvalidKeyException {
0N/A RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
0N/A if (key.getPublicExponent().signum() == 0) {
0N/A // public exponent is missing, return a non-CRT key
0N/A return new RSAPrivateKeyImpl(
0N/A key.getModulus(),
0N/A key.getPrivateExponent()
0N/A );
0N/A } else {
0N/A return key;
0N/A }
0N/A }
0N/A
0N/A /**
0N/A * Construct a key from its encoding. Called from newKey above.
0N/A */
0N/A RSAPrivateCrtKeyImpl(byte[] encoded) throws InvalidKeyException {
0N/A decode(encoded);
1111N/A RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
0N/A }
0N/A
0N/A /**
0N/A * Construct a key from its components. Used by the
0N/A * RSAKeyFactory and the RSAKeyPairGenerator.
0N/A */
0N/A RSAPrivateCrtKeyImpl(BigInteger n, BigInteger e, BigInteger d,
0N/A BigInteger p, BigInteger q, BigInteger pe, BigInteger qe,
0N/A BigInteger coeff) throws InvalidKeyException {
0N/A this.n = n;
0N/A this.e = e;
0N/A this.d = d;
0N/A this.p = p;
0N/A this.q = q;
0N/A this.pe = pe;
0N/A this.qe = qe;
0N/A this.coeff = coeff;
1111N/A RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
1111N/A
0N/A // generate the encoding
0N/A algid = rsaId;
0N/A try {
0N/A DerOutputStream out = new DerOutputStream();
0N/A out.putInteger(0); // version must be 0
0N/A out.putInteger(n);
0N/A out.putInteger(e);
0N/A out.putInteger(d);
0N/A out.putInteger(p);
0N/A out.putInteger(q);
0N/A out.putInteger(pe);
0N/A out.putInteger(qe);
0N/A out.putInteger(coeff);
0N/A DerValue val =
0N/A new DerValue(DerValue.tag_Sequence, out.toByteArray());
0N/A key = val.toByteArray();
0N/A } catch (IOException exc) {
0N/A // should never occur
0N/A throw new InvalidKeyException(exc);
0N/A }
0N/A }
0N/A
0N/A // see JCA doc
0N/A public String getAlgorithm() {
0N/A return "RSA";
0N/A }
0N/A
0N/A // see JCA doc
0N/A public BigInteger getModulus() {
0N/A return n;
0N/A }
0N/A
0N/A // see JCA doc
0N/A public BigInteger getPublicExponent() {
0N/A return e;
0N/A }
0N/A
0N/A // see JCA doc
0N/A public BigInteger getPrivateExponent() {
0N/A return d;
0N/A }
0N/A
0N/A // see JCA doc
0N/A public BigInteger getPrimeP() {
0N/A return p;
0N/A }
0N/A
0N/A // see JCA doc
0N/A public BigInteger getPrimeQ() {
0N/A return q;
0N/A }
0N/A
0N/A // see JCA doc
0N/A public BigInteger getPrimeExponentP() {
0N/A return pe;
0N/A }
0N/A
0N/A // see JCA doc
0N/A public BigInteger getPrimeExponentQ() {
0N/A return qe;
0N/A }
0N/A
0N/A // see JCA doc
0N/A public BigInteger getCrtCoefficient() {
0N/A return coeff;
0N/A }
0N/A
0N/A /**
0N/A * Parse the key. Called by PKCS8Key.
0N/A */
0N/A protected void parseKeyBits() throws InvalidKeyException {
0N/A try {
0N/A DerInputStream in = new DerInputStream(key);
0N/A DerValue derValue = in.getDerValue();
0N/A if (derValue.tag != DerValue.tag_Sequence) {
0N/A throw new IOException("Not a SEQUENCE");
0N/A }
0N/A DerInputStream data = derValue.data;
0N/A int version = data.getInteger();
0N/A if (version != 0) {
0N/A throw new IOException("Version must be 0");
0N/A }
0N/A n = getBigInteger(data);
0N/A e = getBigInteger(data);
0N/A d = getBigInteger(data);
0N/A p = getBigInteger(data);
0N/A q = getBigInteger(data);
0N/A pe = getBigInteger(data);
0N/A qe = getBigInteger(data);
0N/A coeff = getBigInteger(data);
0N/A if (derValue.data.available() != 0) {
0N/A throw new IOException("Extra data available");
0N/A }
0N/A } catch (IOException e) {
0N/A throw new InvalidKeyException("Invalid RSA private key", e);
0N/A }
0N/A }
0N/A
0N/A /**
0N/A * Read a BigInteger from the DerInputStream.
0N/A */
0N/A static BigInteger getBigInteger(DerInputStream data) throws IOException {
0N/A BigInteger b = data.getBigInteger();
0N/A
0N/A /*
0N/A * Some implementations do not correctly encode ASN.1 INTEGER values
0N/A * in 2's complement format, resulting in a negative integer when
0N/A * decoded. Correct the error by converting it to a positive integer.
0N/A *
0N/A * See CR 6255949
0N/A */
0N/A if (b.signum() < 0) {
0N/A b = new BigInteger(1, b.toByteArray());
0N/A }
0N/A return b;
0N/A }
0N/A
0N/A // return a string representation of this key for debugging
0N/A public String toString() {
0N/A StringBuffer sb = new StringBuffer();
0N/A sb.append("Sun RSA private CRT key, ");
0N/A sb.append(n.bitLength());
0N/A sb.append(" bits\n modulus: ");
0N/A sb.append(n);
0N/A sb.append("\n public exponent: ");
0N/A sb.append(e);
0N/A sb.append("\n private exponent: ");
0N/A sb.append(d);
0N/A sb.append("\n prime p: ");
0N/A sb.append(p);
0N/A sb.append("\n prime q: ");
0N/A sb.append(q);
0N/A sb.append("\n prime exponent p: ");
0N/A sb.append(pe);
0N/A sb.append("\n prime exponent q: ");
0N/A sb.append(qe);
0N/A sb.append("\n crt coefficient: ");
0N/A sb.append(coeff);
0N/A return sb.toString();
0N/A }
0N/A
0N/A}